Skip to content


missing "attr_accessible :slug" #254

mixellent opened this Issue · 4 comments

2 participants


When using a dynamic and more secure attr_accessible approach (code originally by Ryan Bates) where we are blocking all undeclared attr_accessible elements (using Rails v3.1.1):

class ActiveRecord::Base
attr_accessor :accessible


def mass_assignment_authorizer(role = :default)
if accessible == :all
super + (accessible || [])

and trying to save an object using this approach, I get the following error:

ActiveRecord::Base : WARNING: Can't mass-assign protected attributes: slug

PGError: ERROR: null value in column "slug" violates not-null constraint
: INSERT INTO "friendly_id_slugs" ("created_at", "slug", "sluggable_id", "sluggable_type") VALUES ($1, $2, $3, $4) RETURNING "id"

Adding a :slug attribute in my mass_assignment_authorizer method fixes this issue, but is not elegant. How can this be fixed on a core level? I was not able to locate the specific class in the friendly_id library in order to perform such desired change.

@norman norman added a commit that referenced this issue
@norman Avoid mass-assigment
Many devs are making changes to their apps right now to eliminate mass
assigment, so this is a potential source of incompatibility. Since it's
very easy to avoid, let's just make the change so we can be more easily

See issue #254.

I just pushed a small change which I think should help you, please see the notes in the commit referenced above and let me know if the change works for your app.


Norman, this is great! Thanks for the super quick response and fix.
I have tested it just now (using your master version) and I can confirm that it is working as expected. The note is very clear indeed.

Thanks again for this!

@mixellent mixellent closed this

Awesome, glad I could help. Thanks for confirming the fix. I'll push this out in a new version soon, probably before the end of the week and possibly as soon as today.


much appreciated, for now I will just use the master repo :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.